Re: Add 6to4 anycast prefixes to examples/bgpd.conf

Thu, 21 Jun 2018 10:03:02 -0700 

Sorry... i meant to say

 I typically reject prefixes on my ebgp routers if the prefix  has an as
path length > 40

Thanks
Tom Smyth




On Thu 21 Jun 2018, 17:39 Tom Smyth, <tom.sm...@wirelessconnect.eu> wrote:

> Hello Job,
>
> Im happy with that, (not that i have a say either way ;) )
>
> I was wondering would it be worth while to add rule to  limit on the
> aspath length that would be accepted in the examples/
> bgpd.conf  file also
>
> I typically reject prefixes on my ebgp routers if the prefix  has an as
> path length >
>
> I was just wondering if you / the community think there is any value to
> that being added to examples ...
>
> Or am i being overly restrictive ?
>
>
> On Thu 21 Jun 2018, 16:52 Job Snijders, <j...@openbsd.org> wrote:
>
>> Hi,
>>
>> Globally anycasted 6to4 has outlived its usefulness.
>> Operational discussion: http://seclists.org/nanog/2018/Jun/268
>>
>> Kind regards,
>>
>> Job
>>
>> diff --git etc/examples/bgpd.conf etc/examples/bgpd.conf
>> index a5fa7234a3c..77f610b9a06 100644
>> --- etc/examples/bgpd.conf
>> +++ etc/examples/bgpd.conf
>> @@ -118,6 +118,7 @@ deny from any prefix 127.0.0.0/8 prefixlen >= 8
>>  # localhost [RFC1122]
>>  deny from any prefix 169.254.0.0/16 prefixlen >= 16    # link local
>> [RFC3927]
>>  deny from any prefix 172.16.0.0/12 prefixlen >= 12     # private space
>> [RFC1918]
>>  deny from any prefix 192.0.2.0/24 prefixlen >= 24      # TEST-NET-1
>> [RFC5737]
>> +deny from any prefix 192.88.99.0/24 prefixlen >= 24    # 6to4 anycast
>> [RFC7526]
>>  deny from any prefix 192.168.0.0/16 prefixlen >= 16    # private space
>> [RFC1918]
>>  deny from any prefix 198.18.0.0/15 prefixlen >= 15     # benchmarking
>> [RFC2544]
>>  deny from any prefix 198.51.100.0/24 prefixlen >= 24   # TEST-NET-2
>> [RFC5737]
>> @@ -131,6 +132,7 @@ deny from any prefix 0100::/64 prefixlen >= 64
>>       # Discard-Only [RFC6666]
>>  deny from any prefix 2001:2::/48 prefixlen >= 48       # BMWG [RFC5180]
>>  deny from any prefix 2001:10::/28 prefixlen >= 28      # ORCHID [RFC4843]
>>  deny from any prefix 2001:db8::/32 prefixlen >= 32     # docu range
>> [RFC3849]
>> +deny from any prefix 2002::/16 prefixlen >= 16         # 6to4 anycast
>> [RFC7526]
>>  deny from any prefix 3ffe::/16 prefixlen >= 16         # old 6bone
>>  deny from any prefix fc00::/7 prefixlen >= 7           # unique local
>> unicast
>>  deny from any prefix fe80::/10 prefixlen >= 10         # link local
>> unicast
>>
>>

Reply via email to